QRLJacking – New Social Engineering Attack Vector

QRLJacking or Quick Response Code Login Jacking is a simple-but-nasty attack vector affecting all the applications that relays on “Login with QR code” feature as a secure way to login into accounts which aims for hijacking users session by attackers.

This attack vector is made by Mohamed Abdelbasset Elnouby (@SymbianSyMoh) security researcher from Seekurity Labs.

Using QRLJacking you can use to hijack session for following services: